Archived.
All maintenance and development now happens as part of monorepo.
Payas Relekar
629846a1f9
agenix uses age (a utility + standard) that encrypts secrets using ssh key.
This simplifies secrets management quite a bit compared to GPG (my attempts for
which have failed so far).
Changes included:
- Encrypt all current keys (mail, backups) using age, configured via
agenix
- All encrypted keys are committed to git repo and decrypted during boot
- None of the keys are used anywhere just yet. They will replace file
paths in future commit after testing
- Decrypted keys are available after boot under user name with read-only
permissions at default agenix location (as of this commit)
- The Nix variable path is provided by agenix and can be used instead of
having to recreate
- multiple keys can be specified for single key, but for now I am only
using one
For now, the code is dirty and can definitely use improvements. It is just at a
place where it is all working right now.
TODO: Get age + agenix in environment packages available at runtime in NixOS
Links:
- https://github.com/ryantm/agenix
- https://github.com/hlissner/dotfiles
|
||
|---|---|---|
| cachix | ||
| hosts/enterprise | ||
| modules | ||
| .gitignore | ||
| cachix.nix | ||
| flake.lock | ||
| flake.nix | ||
| hardware-configuration.nix | ||
| nix.nix | ||